Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through <= 1.3.12.

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records. After Wings sends activity logs to the panel it deletes the processed activity entries from the wings SQLite database. However, it does not consider the max parameter limit of SQLite, 32766 as of SQLite 3.32.0. If wings attempts to delete more than 32766 entries from the SQLite database in one query, it triggers an error (SQL logic error: too many SQL variables (1)) and does not remove any entries from the database. These entries are then indefinitely re-processed and resent to the panel each time the cron runs. By successfully exploiting this vulnerability, an attacker can trigger a situation where wings will keep uploading the same activity data to the panel repeatedly (growing each time to include new activity) until the panels' database server runs out of disk space. Version 1.12.0 fixes the issue.

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

HCL AION  version 2 is affected by a Weak Password Policy vulnerability. This can  allow the use of easily guessable passwords, potentially resulting in unauthorized access